Pi-Hole Raspberry Pi Simple Setup on Surf SOHO router, one LAN/VLAN
This process will set up a simple Raspberry Pi Pi-Hole DNS filtering ad and tracker blocker. All settings will be kept on the Pi-Hole and the router, and nothing will be manually set on any of the client devices on the network. This instruction set is specific for the Pepwave Surf SOHO Mkiii, using firmware 8.0.2, and Ethernet connection between the router and the Raspberry PI; any variance from these specifics can change the instructions.
Router: You’re going to be making changes to your router, so saving your configuration first is a good idea.
Determine which LAN/VLAN you want the Pi-Hole on. Go to Router Admin/Network/LAN/Port Settings and select the port you’re using for RPi/Pi-Hole Ethernet cable. Change the “Port Type” to “Access,” and in the VLAN column, select the name of the VLAN you’ve determined earlier.
RPi (“Raspberry Pi”): Setup RPi and increase its security by update and upgrade, change default password, add ssh access, remove password login, require sudo password.
Note: this is basic RPi setup. For this Pi-Hole installation I did not add a firewall or fail2ban, as the Pi-Hole will be behind the NAT and therefore aren’t needed and do add complexity. Firewall, fail2ban, Inter-VLAN routing, and firewall rules may be required for other RPi uses, but not for this single-VLAN Pi-Hole setup.
RPi: Install Pi-Hole and agree to the suggestion to use the current IP as its static IP address and six blocklists.
4.1. Go to Status/Client List and note the RPi listed with the static IP address you selected during Pi-Hole installation. In the last column click the symbol (“luggage tag”) under “Import.” This will add the Pi-Hole IP to DHCP Reservation, which will work for Pi-Hole’s requirement for a “static IP.”
4.2. Go to Network/Network Settings and select the network you’re adding it to. The RPi should already be listed at the bottom under “DHCP Reservation.”
Unselect the “Assign DNS server automatically.” That will open a drop down list; in block 1, add the RPi IP, the same listed below in “DHCP Reservation.” Add nothing in Block 2. This is what the VLAN will use as a DNS address.
Reboot RPi. Reboot network devices for them to look for a DNS address. Pi-Hole should now be functional. Test. If it’s working, also test whether it works when RPi is shut down. It shouldn’t work, but some devices have hard-coded DNS that will work when your Pi-Hole DNS is off. It’s good to know either way.
I use the RPi/Pi-Hole on my Internet of Things VLAN (IoT_V1), my Amazon Fire Stick for media streaming. After getting the Pi-Hole running, for backup, I added a second, unused, IoT_V2 VLAN in case the RPi/Pi-Hole goes down or I have to take it offline. The backup will be a non-Pi-Hole setup, and I have already added the SSID password, so I will simply connect the Fire Stick to the backup SSID in a separate VLAN and will be up and running within seconds.
Note: The main advantage to having all your Pi-Hole settings on the router is that you can change them easily. Before this method I tried setting my MacBook Pro DNS to the RPi’s IP - it was a pretty awful setup. The problem was that a manual DNS over-rode the auto settings in the MacBook, and it used the same DNS for all of my VLANs. It required research and removal of five .plist files to return the MacBook to automatic operation. I would avoid manually setting a device’s DNS.
I used a Raspberry Pi 3B+, a current model. It supports both WiFi and standard-plug Ethernet. Pi-Hole apparently doesn’t stress the system much, and older and smaller ones will work, also.